As if you needed another reason not to put an internet-connected microphone in your child's bedroom. A California-based toy company selling "a message you can hug" reportedly exposed over 2 million voice messages recorded between parents and children to online hackers.
What's worse, the company was allegedly notified multiple times that additional customer data was online and available for anyone to grab — yet the data remained up for at least a week with evidence suggesting that it was stolen more than once. Products with names like "Talking Puppy" connect a child and relatives via the internet and allow them to send recorded voicemails back and forth.Read more
Usenix Enigma 2017 Hacking sensors isn’t as big an area of research as hacking operating systems and firmware, but the results of simple physical hacks can be far-reaching.
In a talk at Enigma 2017 researcher showed how active and passive sensors can be hacked by simple laser pointer or speakers set on just the right frequency. Passive sensors, like gyroscopes and magnetometers, simply measure their environment and report back. Active sensors, like radar and sonar, send out a signal and then take measurements on the return signal. Both are hackable relatively simply.Read more
A House bill was introduced Tuesday that could accelerate the federal government’s involvement in regulating automobile cybersecurity.
The Security and Privacy in Your Car Study Act of 2017 calls on the National Highway Traffic Safety Administration to lead a study of necessary security standards that could be included in a law governing cars built in the US or imported for sale. A similar SPY Car Act of 2015 introduced by Sen. Edward Markey was much more prescriptive of the NHTSA in securing electronic controls and driving data collected by vehicle systems. This week’s bill calls for the NHTSA to study the issue alongside the Federal Trade Commission.Read more
BMW and IBM's artificial intelligence system, known as Watson, are to collaborate on creating a new way for drivers to communicate with their cars.
The partnership will be based in Munich, home to both the carmaker and the Watson division, which recently received $200m of investment from IBM to bring cognitive computing to Internet of Things devices. Thanks to the increasing popularity of advanced software and embedded internet connections, cars are fast becoming the largest and most complex IoT device many of us will own. A fleet of four BMW i8 hybrid sports cars will be used as a testbed for new technologies created by the collaboration.Read more
New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp.
Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai. Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities.Read more
Hundreds of thousands of Deutsche Telekom customers in Germany were hit on Sunday by network outages and a company executive blamed the disruptions on a failed hacking attempt to hijack consumer router devices for a wider internet attack.
Deutsche Telekom said as many as 900,000, or about 4.5 percent of its 20 million fixed-line customers, suffered internet outages starting on Sunday and continuing into Monday, when the number of affected users began to decline sharply. Deutsche Telekom's head of IT Security told that the outages appeared to be tied to a botched attempt to turn a sizeable number of customers' routers into a part of the Mirai botnet.Read more
Just Imaging — What if, you enter into your home from a chilling weather outside, and the heating system fails to work because of a cyber attack, leaving you in the sense of panic? The same happened late last month when an attack knocks heating system offline in Finland.
Last week, a Distributed Denial of Service attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather. Both the apartments are managed by a company called Valtia, a facilities services company headquartered in Lappeenranta. Valtia CEO Simo Rounela confirmed that the central heating system and hot water system in both buildings had become a target of DDoS attacks.Read more
Another day, another Internet of Things security problem. This time Belkin, a company that’s been called out before for vulnerable home automation kit, has issued a firmware update that will prevent old school attacks on its WeMo kit that could have let malicious hackers haunt not just customers’ homes, but their Android smartphones too.
Whilst Belkin’s update addresses the issues, the hackers told it was possible to completely kill the update process on already-compromised devices, preventing any fix from ever being delivered. The first vulnerability uncovered by Tenaglia and Tanen was classed as a SQL injection bug, where they found they could inject data into databases used by WeMo devices.Read more
Apple has drastically scaled back its automotive ambitions, leading to hundreds of job cuts and a new direction that, for now, no longer includes building its own car.
Hundreds of members of the car team, which comprises about 1,000 people, have been reassigned, let go, or have left of their own volition in recent months, asking not to be identified because the moves aren’t public. New leadership of the initiative, known internally as Project Titan, has re-focused on developing an autonomous driving system that gives Apple flexibility to either partner with existing carmakers, or return to designing its own vehicle in the future.Read more
The Department of Homeland Security today formally announced its plan to develop a set of strategic principles for the Internet of Things, saying such a framework is necessary to protect the nation’s critical infrastructure from cyber threats.
In a brief talk at the Internet of Things Forum, Robert Silvers, the Assistant Secretary for Cyber Policy at the U.S. Department of Homeland Security, confirmed that the agency is developing a set of unifying principles to identify challenges and highlight practices for managing risk when it comes to IoT. Problems around IoT security have evolved into a public safety issue.Read more